
Monday 14 May 2012

Manage Cisco ASA5500 From Outside


Problem
If you have to look after a lot of client firewalls, or you simply want to be able to manage your own remotely, then this can be done via the ASDM console.
Solution
ciscoasa> en
Password: *******
1. Log into the firewall > Go to enable mode.
ciscoasa# conf t
2. Go to configure terminal mode.
ciscoasa(config)# http server enable
3. Turn on the ASDM Server.
ciscoasa(config)# http 217.22.146.254 255.255.255.255 outside
4. Allow a host to connect from the Outside.
ciscoasa(config)# write mem
Building configuration...
Cryptochecksum: b984ffbc dd77cdbf f2cd8d86 0b8f3f96
3965 bytes copied in 1.490 secs (3965 bytes/sec)
[OK]
5. Save the configuration.
 
Now this has set up access for the host 217.22.146.254 so it can connect to the ASA from outside. This uses HTTPS (TCP port 443), which is fine if you don't use that port for anything else or have it "port forwarded" for a web site, Exchange Web Access, etc. If you do, then you will need to set the ASDM to listen on a different port. To do this, enter the following commands.
ciscoasa> en
Password: *******
1. Log into the firewall > Go to enable mode.
ciscoasa# conf t
2. Go to configure terminal mode.
ciscoasa(config)# no http server enable
3. Assuming you already have the ASDM server enabled, quickly disable it (if this errors, don't worry, just skip to the next step).
ciscoasa(config)# http server enable 2456
4. Now you need to enable the ASDM again on a particular port (in this example I'll use TCP port 2456, but you can use any port from 1-65535).
ciscoasa(config)# write mem
Building configuration...
Cryptochecksum: 244f5ae3 8088fc5e f1802a27 3bdac2b2
3970 bytes copied in 1.400 secs (3970 bytes/sec)
[OK]
5. Don’t forget to save the settings.
Now from the remote client simply open a web page and proceed to https://{public_IP_of the ASA}:2456
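
An added example, not from the original post: a small Python check that reads the http lines from a saved ASA configuration, reports the port the ASDM server listens on, and flags any entry on the outside interface that is wider than a single host. The function name audit_asdm and the sample configuration are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample config lines; only the 217.22.146.254 host entry and
# port 2456 come from the post, the other two entries are made up.
SAMPLE_CONFIG = """\
http server enable 2456
http 217.22.146.254 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
"""

HTTP_SERVER = re.compile(r"^http server enable(?:\s+(\d+))?\s*$")
HTTP_ALLOW = re.compile(
    r"^http\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$")


def audit_asdm(config, untrusted=("outside",), max_hosts=1):
    """Return (port, findings) for the ASDM settings in an ASA config.

    port is None when no 'http server enable' line is present; findings
    lists entries on untrusted interfaces covering more than max_hosts.
    """
    port = None
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = HTTP_SERVER.match(line)
        if m:
            # No explicit port means the default, TCP 443.
            port = int(m.group(1)) if m.group(1) else 443
            continue
        m = HTTP_ALLOW.match(line)
        if not m:
            continue  # not an ASDM access line (e.g. 'no http server enable')
        addr, mask, iface = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append(f"unparseable entry: {line}")
            continue
        if iface in untrusted and net.num_addresses > max_hosts:
            findings.append(
                f"{net} allowed on {iface} ({net.num_addresses} addresses)")
    return port, findings


if __name__ == "__main__":
    asdm_port, problems = audit_asdm(SAMPLE_CONFIG)
    print("ASDM port:", asdm_port)
    for p in problems:
        print("WARN:", p)
```
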
